PRIVACY NOTICE O’DESI MEALS
O’Desi Meals, trading under Fallforgreen Ltd. (the “Company” or “We”), takes your privacy seriously and are fully committed to keeping your information private. We are committed to protecting it through our compliance with this policy.
The processing and sharing of personal information comes with significant rights on your part and significant responsibilities on ours.
This Data Privacy Notice is provided to fulfil our obligations under the General Data Protection Regulation (GDPR), effective from 25 May 2018, which requires greater accountability and transparency from organisations with regard to your personal information, and which gives you greater control over how we use it.
Our Data Privacy Notice explains how and when we collect personal data from and about you, why we do so and how we treat this information. It also explains your rights in relation to the collection of personal information and how you can exercise those rights.
Data Privacy Notice
This is your guide to how personal data is managed by O’Desi Meals. Please read it carefully. Data privacy is taken very seriously by the Company . It is important that you know exactly what we do with the personal information you and others provide to us, why we gather it and what it means to you. This document outlines our approach to Data Privacy to fulfil our obligations under the General Data Protection Regulation (2018) and the Data Protection Acts 1998 – 2018.
We also welcome it as an opportunity to reassure you of the value we place on keeping your personal data secure, and of the strict procedures we apply to its use.
As a Company, the majority of personal data we process are contact details (including names, addresses, phone numbers and email addresses).
How do we collect your data
You directly provide our company with the data we require for processing your request and order fulfilment. The data subject is the source of the data. We collect the data and process it when you:
Place an order with us by filling up an online form and submit to O’Desi meals
Share your details over Company page/s of Instagram & messages
Share your details via Company page/s of Facebook & Facebook messenger
Directly mail us to process a request
Use WhatsApp (company number) to connect with us
What we do with this information
We collect this information for activities such as order placements, food delivery, tracking of food parcels that is delivered by drivers, payments, tracking of payments, email you invoices, customer service queries and operations management for order fulfilment.
Provision of information by a third party
We also receive personal information which we process from third parties such as driver for deliveries to cater to operational issues during order fulfilment.
Sharing of Personal Information
We also share personal information with third parties. For example, in order to deliver your order, we need to share your address and contact number for order fulfilment with the delivery driver.
Data protection principles
All processing of personal data must be conducted in accordance with the data protection principles set out in relevant legislation. Our policies and procedures are designed to ensure compliance with the following principles: -
Personal data must be processed lawfully, fairly and transparently.
Lawful – the legal basis for processing personal data is normally based on relevant legislation. We are permitted by law to process information to administer our operations on delivery, payment and core function of payment and order fulfilment.
Fairly – in order for processing to be fair, we have to make certain information available to you. This applies whether the personal data was obtained directly from you or from other sources. In our case, you are the source of the personal data. O’Desi Meals is the processor of the data.
Transparently – We will provide a Data Privacy Statement upfront whenever you are sharing personal information with the Department. We will ensure that the information provided is detailed and specific, and that the information is understandable and accessible*.
*We will provide copies of our policies in hard/soft copy as appropriate, and these will be written in plain English and will be available as Gaeilge if required.
Responsibilities under GDPR
Personal data can only be collected for specific, explicit and legitimate purposes. We will collect and process personal data only for the purposes for which it is collected. We will clearly state the purposes for which we collect and process your information.
Personal data must be adequate, relevant and limited to what is necessary for processing - We will ensure that in designing new and current methods of data collection, whether online, forms or offline, that only the personal data required to establish your identity and provide the service will be processed.
We will ensure that your data is accurate and complete - We need accurate and up-to-date data in order to ensure that the correct services are provided to the correct recipients. Where we have shared your data with a third party, we will update them as to any changes to your data, unless this is impossible or requires disproportionate effort.
Personal data must be kept in a form such that the data subject can be identified only as long as is necessary for processing - We will implement appropriate policies and procedures to ensure that personal data is retained only for the minimum period required to provide the services in question. Once this period has passed, we may destroy the personal data, anonymise it or use any other appropriate method.
Personal data must be processed in a manner that ensures appropriate security - We will implement appropriate technical and organisation measures to ensure that appropriate security of the processing of personal data is implemented. This includes encryption, restricted access to files and physically securing the data.
Accountability for demonstrating compliance - We will ensure that we maintain adequate records of its processing and evidence that we have complied with this policy and related policies and procedures.
How do we store your data
Our Company securely stores your data in our computer systems (encrypted) and closed group shared drives (restricted access). Our company will keep your details (contact details including names, addresses, phone numbers and email addresses) for a period of 12 months. Once this period has expired, we will delete your data manually from our computer systems and restricted shared drives.
Transfers of personal data outside of the European Economic Area
Ordinarily we do not transfer your personal data outside of the European Economic Area (EEA) but where it is required to do so we will only transfer the data when an adequate level of protection to the treatment of your data is ensured.
We may need to share your data with a third party on occasion to provide services.
Your Rights under GDPR
You have the following rights under GDPR :
Right of access by the data subject -You have the right to request access to your personal data. This can be done by contacting the Company at the contact details below at firstname.lastname@example.org
Right to withdraw Consent - Where we have collected your data on the basis of consent. You have the right to withdraw your consent at any time. This will affect our ability to provide you with services.
Right to rectification - You have the right to have your personal data rectified where inaccuracies have been identified.
Right to erasure (right to be forgotten) -Where we process personal data it is normally because there is a statutory basis for the processing. Where we receive a request from you looking to exercise your right of erasure then we will carry out an assessment of whether the data can be erased without affecting our ability to provide future services to you or fulfil statutory obligations.
Right to restriction of processing - You can get us to restrict the processing of your personal information in certain circumstances. We will implement and maintain appropriate procedures to assess whether a request to restrict the processing of your data can be implemented. Where the request for restriction of processing is carried out then we will write to you to confirm the restriction has been implemented and when the restriction is lifted.
Right to data portability - The Company processes personal data it collects because there is normally a legitimate interest for the processing (fulfilment of your order). Where the Company has collected personal data on data subjects by consent or by contract then the data subjects have a right to receive the data in electronic format to give to another data controller.
Right to object - You have a right to object to the processing of your personal data in specific circumstances. Where such an objection is received, we will assess each case in its merits.
18 or Under
We are concerned to protect the privacy of children aged 18 or under. If you are aged 18 or under‚ you must get a parent/guardian’s permission before you provide any personal information to us.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: email@example.com or message us on Facebook (search Facebook- odesi.meals) or on Instagram (odesi_meals)
Use of 'cookies'
your Internet domain;
your IP address;
the type of browser and operating system you used to access our site;
the date and time you accessed our site;
the pages you visited and documents downloaded;
the number of bytes transmitted and received for each request.
We use any information we collect for statistical and administrative purposes only.
We examine this information to determine the traffic through the server, and to specific pages or applications, and in order to deliver better services. It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
Links to other websites
Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access those using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Changes to this notice
We will update this Data Privacy Notice from time to time. Any changes will be made available on this page. This Notice was last updated in October 2021.
For more information on this notice or any data protection matters, please contact us at firstname.lastname@example.org. If you have a specific query regarding a scheme or service offered by the Company, you should contact https://www.odesimeals.com. Contact details can be found on our website.
APPENDIX – Glossary of Terms
Definitions of words/phrases used in relation to the protection of personal data and referred to in the text of the policy;
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is someone who can be identified, directly or indirectly, in particular by using details such as a name, an identification number, location data, an online identifier or to one or more specific references to their physical, physiological, genetic, mental, economic, cultural or social identity.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Access Request’ – this is where a person makes a request to the organisation for the disclosure of their personal data under Article 15 of the GDPR.
‘Data Subject’ – an individual who is the subject of personal data.
‘Controller’ The body responsible for collecting and processing personal data. This could be alone or in conjunction with another body (a joint controller).
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Trading Name O'Desi Meals
278 Argyle, Custom House Harbour,
IFSC, Dublin 1, Ireland